Total: 736 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-5184 | 1 Apple | 1 Cups | 2009-01-28 | 10.0 HIGH | N/A |
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | |||||
CVE-2007-6096 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2008-11-14 | 5.0 MEDIUM | N/A |
Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext storage for passwords of "administrators with less privileges," which might allow attackers to read these passwords via unknown vectors. | |||||
CVE-2007-4961 | 1 Linden Lab | 1 Second Life | 2008-11-14 | 4.3 MEDIUM | N/A |
The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows remote attackers to login to an account by sniffing the network and then sending this hash to a Second Life authentication server. | |||||
CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2008-11-14 | 4.6 MEDIUM | N/A |
IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | |||||
CVE-2008-0604 | 1 Xlight Ftp Server | 1 Xlight Ftp Server | 2008-09-05 | 6.8 MEDIUM | N/A |
The LDAP authentication feature in XLight FTP Server before 2.83, when used with some unspecified LDAP servers, does not check for blank passwords, which allows remote attackers to bypass intended access restrictions. | |||||
CVE-2006-4068 | 1 Pswd.js | 1 Pswd.js | 2008-09-05 | 5.0 MEDIUM | N/A |
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher. | |||||
CVE-2005-4862 | 1 Xwiki | 1 Xwiki | 2008-09-05 | 5.0 MEDIUM | N/A |
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password. | |||||
CVE-2004-2708 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 5.0 MEDIUM | N/A |
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file. | |||||
CVE-2003-1482 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2008-09-05 | 4.6 MEDIUM | N/A |
The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access. | |||||
CVE-2002-2384 | 1 Hotfoon Corporation | 1 Hotfoon | 2008-09-05 | 3.6 LOW | N/A |
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service. | |||||
CVE-2002-2355 | 1 Netgear | 1 Fm114p | 2008-09-05 | 7.1 HIGH | N/A |
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. | |||||
CVE-2002-2389 | 1 Fastlink Software | 1 The Server | 2008-09-05 | 5.0 MEDIUM | N/A |
TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files. | |||||
CVE-2002-2412 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 2.1 LOW | N/A |
Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts. | |||||
CVE-2002-2345 | 1 Oracle | 1 Application Server | 2008-09-05 | 7.5 HIGH | N/A |
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. | |||||
CVE-2002-2310 | 1 Kryptronic | 1 Clickcartpro | 2008-09-05 | 5.0 MEDIUM | N/A |
ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords. | |||||
CVE-2008-1271 | | | 2008-03-11 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1218. Reason: This candidate is a duplicate of CVE-2008-1218. Notes: All CVE users should reference CVE-2008-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |